James Hawkins : msi: Add extra constraints on the formatting string of edit path text.
Alexandre Julliard
julliard at winehq.org
Thu Oct 9 07:43:08 CDT 2008
Module: wine
Branch: master
Commit: 451aff9ae54c0817a33e205df1c144d3b8bd0942
URL: http://source.winehq.org/git/wine.git/?a=commit;h=451aff9ae54c0817a33e205df1c144d3b8bd0942
Author: James Hawkins <jhawkins at codeweavers.com>
Date: Thu Oct 9 00:54:04 2008 -0500
msi: Add extra constraints on the formatting string of edit path text.
---
dlls/msi/dialog.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/dlls/msi/dialog.c b/dlls/msi/dialog.c
index add7876..799aa48 100644
--- a/dlls/msi/dialog.c
+++ b/dlls/msi/dialog.c
@@ -1204,12 +1204,15 @@ static UINT msi_dialog_combo_control( msi_dialog *dialog, MSIRECORD *rec )
return ERROR_SUCCESS;
}
+/* length of 2^32 + 1 */
+#define MAX_NUM_DIGITS 11
+
static UINT msi_dialog_edit_control( msi_dialog *dialog, MSIRECORD *rec )
{
msi_control *control;
LPCWSTR prop, text;
LPWSTR val, begin, end;
- WCHAR num[10];
+ WCHAR num[MAX_NUM_DIGITS];
DWORD limit;
control = msi_dialog_add_control( dialog, rec, szEdit,
@@ -1222,7 +1225,9 @@ static UINT msi_dialog_edit_control( msi_dialog *dialog, MSIRECORD *rec )
begin = strchrW( text, '{' );
end = strchrW( text, '}' );
- if ( begin && end && end > begin )
+ if ( begin && end && end > begin &&
+ begin[0] >= '0' && begin[0] <= '9' &&
+ end - begin < MAX_NUM_DIGITS)
{
lstrcpynW( num, begin + 1, end - begin );
limit = atolW( num );
More information about the wine-cvs
mailing list